On 18.12.2009 16:42, Simon Josefsson wrote:
>> Storing a hash for every mechanism will not work. E.g. for DIGEST-MD5
>> the server has to hash the clear-text password with a value the client
>> provides.
>
> That is true for CRAM-MD5, but not for DIGEST-MD5 and SCRAM-MD5. With
> the latter two mechanisms, the server can store a hash and perform
> authentications without access to the password. For CRAM-MD5 this is
> not possible, and the server indeed needs to have access to the
> cleartext password for things to work.

Maybe I mixed those two. Anyway, using SASL the server has to feed SASL
with the clear-text password (at least this is my knowledge about the
SASL-API, which might be outdated or inaccurate).
Regards,
Alexander
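
The difference discussed in this message, as an added Python sketch that is not part of the original thread: a DIGEST-MD5 server verifying a response from a stored MD5(user:realm:password) value (RFC 2831, no authzid), next to CRAM-MD5 (RFC 2195), where the HMAC is keyed with the password. The user, realm, nonces and challenge are constructed sample values, and UTF-8 encoding is assumed.

```python
import hashlib
import hmac

def md5(data: bytes) -> bytes:
    return hashlib.md5(data).digest()

def digest_md5_secret(user: str, realm: str, password: str) -> bytes:
    # Computed once when the account is provisioned; this 16-byte value
    # is what the server keeps in place of the password.
    return md5(f"{user}:{realm}:{password}".encode("utf-8"))

def digest_md5_response(secret: bytes, nonce, cnonce, nc, digest_uri, qop="auth") -> str:
    # RFC 2831 response value, built from the stored secret only.
    ha1 = md5(secret + f":{nonce}:{cnonce}".encode()).hex()
    ha2 = md5(f"AUTHENTICATE:{digest_uri}".encode()).hex()
    return md5(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}".encode()).hex()

def cram_md5_digest(password: str, challenge: str) -> str:
    # RFC 2195: HMAC-MD5 over the server challenge, keyed with the password.
    return hmac.new(password.encode("utf-8"), challenge.encode(), hashlib.md5).hexdigest()

def cram_md5_verify(server_password: str, challenge: str, response: str) -> bool:
    # The server side calls the same function, so it holds the password too.
    return hmac.compare_digest(cram_md5_digest(server_password, challenge), response)

def demo():
    # Constructed sample data, not taken from the thread.
    user, realm, password = "alice", "example.org", "correct horse"
    session = dict(nonce="c2VydmVyLW5vbmNl", cnonce="Y2xpZW50LW5vbmNl",
                   nc="00000001", digest_uri="xmpp/example.org")
    db_secret = digest_md5_secret(user, realm, password)  # server-side record

    def client(pw):  # the client derives the same secret from what the user typed
        return digest_md5_response(digest_md5_secret(user, realm, pw), **session)

    expected = digest_md5_response(db_secret, **session)  # no password needed here
    digest_ok = hmac.compare_digest(client(password), expected)
    digest_bad = hmac.compare_digest(client("guess"), expected)

    challenge = "<1234.5678@example.org>"
    cram_ok = cram_md5_verify(password, challenge, cram_md5_digest(password, challenge))
    cram_bad = cram_md5_verify(password, challenge, cram_md5_digest("guess", challenge))
    return digest_ok, digest_bad, cram_ok, cram_bad

if __name__ == "__main__":
    print(demo())
```

The stored DIGEST-MD5 value is still password-equivalent for that user and realm, so it needs the same protection at rest as a password would.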